diff options
| author | Ted Unangst <tedu@cvs.openbsd.org> | 2015-10-15 19:49:23 +0000 |
|---|---|---|
| committer | Ted Unangst <tedu@cvs.openbsd.org> | 2015-10-15 19:49:23 +0000 |
| commit | 1956adf0e6e59d41ed646c83d2b2b4f7f55c74c0 (patch) | |
| tree | dbf3e3298ba952b8d8f6b1e4b5bf88c440eec92b /usr.sbin | |
| parent | b93042047b27c1352bfa194cc430932143062881 (diff) | |
child can be pledged down a bit to just sockets and io
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/rebound/rebound.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/usr.sbin/rebound/rebound.c b/usr.sbin/rebound/rebound.c index 0a670a16333..52be698b1c2 100644 --- a/usr.sbin/rebound/rebound.c +++ b/usr.sbin/rebound/rebound.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rebound.c,v 1.1 2015/10/15 19:43:30 tedu Exp $ */ +/* $OpenBSD: rebound.c,v 1.2 2015/10/15 19:49:22 tedu Exp $ */ /* * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org> * @@ -326,6 +326,11 @@ launch(const char *confname, int ud, int ld, int kq) close(kq); + if (pledge("stdio inet", NULL) == -1) { + logmsg(LOG_DAEMON | LOG_ERR, "pledge failed"); + exit(1); + } + af = readconfig(conf, &remoteaddr); fclose(conf); if (af == -1) { |